Your submission was sent successfully! Close

CVE-2016-7134

Published: 11 September 2016

ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.0.10-1)
xenial
Released (7.0.8-0ubuntu0.16.04.3)